



About DNS caching - subtech

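Judging from the following passage in the DJBDNS documentation, I think it means that if the NS list returned by the old name server includes the current NS, the old name server's response can be treated as valid. Conversely, if the NS list returned by the old name server does not include the current NS, does that mean the response should be ignored (otherwise a security problem arises)?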

So a child server often lists more NS records than its parent. It includes the NS records along with its answers, so that caches will replace the NS records from the parent with the NS records from the child. If the NS records (and associated addresses) expire after the answers do, the caches will use the complete NS list to find the new answers, and will obtain a fresh NS list at that point. The load is spread among all the servers, though not as evenly as it would be if the parent listed more servers.

Unfortunately, BIND 8.2 won't cache the fresh NS list. After the old list expires, BIND contacts the parent servers and again obtains the incomplete NS list.

Beware that, because of the ``credibility'' rules described above, the NS records from the child servers must include the NS records from the parent. Otherwise an attacker can break BIND's access to the child servers.


I don't really understand it myself... Anyway, I think you should just stick to using glue records \^o^/
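
The rule in the quoted passage (the child's NS records must include the parent's) can be checked mechanically. The following is an added example, not code from the original post or from djbdns: it parses dig-style record lines for the delegation as seen at the parent and at the child, and reports any parent NS name the child does not list. All zone names, TTLs and addresses are constructed.

```python
# Added example. Checks that the child's NS set is a superset of the parent's.
# The sample records below are constructed for illustration.

def normalize(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def parse_ns(text, zone):
    """Return the set of NS targets owned by `zone` in dig-style RR lines."""
    zone = normalize(zone)
    targets = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) != 5:                      # owner TTL class type rdata
            continue
        owner, _ttl, rrclass, rrtype, rdata = fields
        if (rrclass.upper(), rrtype.upper()) == ("IN", "NS") and normalize(owner) == zone:
            targets.add(normalize(rdata))
    return targets

def check_delegation(parent_text, child_text, zone):
    """Compare the parent's delegation NS set with the child's own NS set."""
    parent = parse_ns(parent_text, zone)
    child = parse_ns(child_text, zone)
    missing = sorted(parent - child)
    return {
        "consistent": bool(parent) and not missing,  # child includes every parent NS
        "missing_from_child": missing,               # parent NS names the child omits
        "child_only": sorted(child - parent),        # extra servers listed only by the child
    }

PARENT = """
;; AUTHORITY SECTION (constructed)
example.com.      172800 IN NS a.ns.example.com.
example.com.      172800 IN NS b.ns.example.com.
a.ns.example.com. 172800 IN A  192.0.2.1
"""
CHILD_OK = """
example.com. 3600 IN NS A.NS.example.com.
example.com. 3600 IN NS b.ns.example.com.
example.com. 3600 IN NS c.ns.example.com.
"""
CHILD_BAD = """
example.com. 3600 IN NS b.ns.example.com.
example.com. 3600 IN NS c.ns.example.com.
"""

if __name__ == "__main__":
    print(check_delegation(PARENT, CHILD_OK, "example.com"))
    print(check_delegation(PARENT, CHILD_BAD, "example.com"))
```
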